San Francisco public transit system hit in ransomware attack

The San Francisco Municipal Transportation Agency said on Monday it had contained a cyber attack, which disrupted its ticketing systems and forced it to offer free service to some customers during the Thanksgiving weekend.

The agency, known widely as Muni, said it was the victim of a ransomware attack on Friday that affected internal computer systems including email, but had no impact on safe operation of transit services.

The agency disabled fare gates from Friday to Sunday “as a precaution to minimize possible impacts to our customers,” Muni spokesman Paul Rose said in an email on Monday.

Muni said on its website that “the situation is now contained and we have prioritized restoring our systems to be fully operational.

It was the latest high-profile intrusion with ransomware, a pernicious type of computer virus that scrambles data on infected machines, sometimes making it impossible for organizations to deliver critical services.

Attacks have increased sharply over the past year, with criminals targeting hospitals, police departments and other providers of critical services in the United States and Europe. Criminals typically charge a few hundred dollars to tens of thousands of dollars or more to provide digital keys that restore systems to normal.

U.S. Federal Bureau of Investigation spokesman Prentice Danner said the agency was “in contact with Muni officials,” though he declined to say if the FBI had launched a formal investigation.

The San Francisco Examiner reported that someone claiming to be the attacker informed the newspaper of a $73,000 ransom demand.

Reuters was unable to confirm details of the extortion demand or determine if payment had been made.

The attack disrupted ticket-selling systems, causing kiosk screens to display the phrase “You Hacked, ALL Data Encrypted,” according to the Examiner.

(Reporting by Jim Finkle in Boston; Editing by Chizu Nomiyama, Bill Trott and David Gregorio)